<?php 
include('../model/config.php');
if(isset($_SESSION['username'])) {
    header("Location: ingelogd.php");
}
if (isset($_POST['poging']))
{
    $_POST['poging'] = $_POST['poging'];
}
else
{
    $_POST['poging'] = 0;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Obstacle - Control Panel</title>
<link rel="stylesheet" href="../styles/stylemain.css"/>
<script src="../javascripts/modernizr-1.6.min.js"></script>
</head>

<body>
<form name="inloggen" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table style="width: 100%; text-align:center">
	<tr>
		<td colspan="2"><img src="../images/logo.png" alt="logo"><br><br></td>
	</tr>
	<tr>
		<td style="width:50%; text-align:right">Gebruikersnaam:</td>
		<td style="width:50%; text-align:left"><input type="text" placeholder="Vul je gebruikersnaam in" name="gebruikersnaam" size="35" ></td>
	</tr>
	<tr>
		<td style="width:50%; text-align:right">Wachtwoord: </td>
		<td style="width:50%; text-align:left"><input type="password" placeholder="Vul je wachtwoord in" name="wachtwoord" size="35"></td>
	</tr>
	<tr>
		<td colspan="2">
                    <input name="poging" type="hidden" value="<?php echo $_POST['poging']+1; ?>">
                    <input type="submit" name="Login" value="Inloggen">
                </td>
	</tr>
        <tr>
            <td colspan="2">
                <?php
                    
                    // A check to see if the browser is either mozilla firefox or google chrome
                    // if not, a warning will be shown that this site is best viewed in either one of them
                    include 'getbrowser.php';
                    $ua=getBrowser();
                    if ($ua['name'] != "Mozilla Firefox" AND $ua['name'] != "Google Chrome")
                    {
                        echo "Deze website werkt het beste in <a href=\"http://www.mozilla.org/\">Mozilla Firefox</a> of <a href=\"http://www.google.com/chrome/\">Google Chrome</a>";
                    }
                ?>
            </td>
        </tr>
</table>
</form>
    


<?php 
if(isset($_POST['Login'])) {
    if($_POST['poging'] == $cfg['attempts']) { // If you've allready had failed 3 attempts, you'll be sent to the password-recovery page
        header("Location: wachtwoord.php");
    }
    $username = strtoupper($_POST['gebruikersnaam']);

    $error = array();
    
    $query  = "SELECT * FROM user WHERE UserName='".$_POST['gebruikersnaam']."'";
    $result = mysql_query($query);
    while($row = mysql_fetch_array($result))
    {
        if ($row['Activated'] != "T")
        {
            $error[] = 'Dit account is gedeactiveerd.';
        }
    }
    
    $activatederror = sizeof($error); // count the amount of errors
    if($activatederror == 0) { // If there are no errors (so basically when the user is activated), the username and password will be checked
        $checkg = mysql_result(mysql_query("SELECT COUNT(*) FROM user WHERE UserName='".$_POST['gebruikersnaam']."'"),0);
        $checkp = mysql_result(mysql_query("SELECT COUNT(*) FROM user WHERE UserName='".$_POST['gebruikersnaam']."' AND PassWord='".sha1($username.$_POST['wachtwoord'])."'"),0);
        
        if($_POST['gebruikersnaam'] == "" || $_POST['wachtwoord'] == "") {
        $error[] = 'Vul alle velden in!';
        }
        if($checkg == 0 && $_POST['gebruikersnaam'] != "") {
                $error[] = 'De ingevoerde gebruikersnaam is niet geregistreerd.';
        }
        if($_POST['wachtwoord'] != "" && $_POST['gebruikersnaam'] != "" && $checkp == 0) {
                $error[] = 'Het ingevoerde wachtwoord is niet correct.';
        }
    }

    $errors = sizeof($error); // count the amount of errors
    if($errors != 0) { // There is atleast 1 error
            echo '<table style="width: 100%; text-align:center"><tr><td>';
            echo '<span style="color:red">Kan niet inloggen omwille van de volgende reden(en):</span>';
            echo '<ul>';
                    for($i = 0; $i < $errors; $i++) {
                            echo '<li><span style="color:red">'.$error[$i].'</span></li>';
                    }
            echo '</ul>';
            echo '<span style="color:red">Poging '.$_POST['poging'].' van '.$cfg['attempts'].'</span>';
            echo '</td></tr></table>';
    } else {
            // Start a session and the user will be logged in
            session_start();
            $res = mysql_query("SELECT * FROM user WHERE UserName='".$_POST['gebruikersnaam']."'");
            $row = mysql_fetch_assoc($res);
            $_SESSION['username'] = $row['UserName'];
            $_SESSION['userid'] = $row['Id'];
            $_SESSION['admin'] = $row['Admin'];
            $_SESSION['function'] = $row['Function'];
            header("Location:  ingelogd.php");
    }
 } 
 ?>
</body>
</html>